On May 22, 2013, at 7:14 AM, Julien Cigar <[email protected]> wrote: > Hello, > > I'm currently implementing a RBAC-like model for a webapp with the "usual > suspects": users, roles, permissions, etc where a "Role" has one or more > "Permissions", and an "User" can be in 1 or more "Role". > > I would like to some virtual-like "Role" that are automatically attribued in > some situations. For example "AnonymousUser" is the user is not logged, > "AuthenticatedUser" is the user is authenticated, "Owner" if the user "owns" > an object, etc. Those roles should always exist and should not be part of the > unit-of-work process, in fact I don't want to store them in the database. > I wondered if there is an elegant way to do that kind of stuff transparently > with SQLAlchemy?
well if they aren't DB persisted, then I'd start by not mapping them ..... you just would write some Python code to set up those objects as needed? depends on what you use to determine the roles. If the info is stored in the database, then I'd map something to those tables. > > Another question: I have different kind of "Permission" (some of them are > linked to a module, some to a content_type, some are "core" permissions, etc) > and I planned to use one separate table per "permission type" with concrete > table inheritance. I only used joined load inheritance (which work very well) > and from what I understood from the documentation concrete table inheritance > are somewhat discouraged? if you only need to select from one "concrete" class at a time, there's no issue. its only when people want to query across multiple types of classes that things get very tedious. -- You received this message because you are subscribed to the Google Groups "sqlalchemy" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/sqlalchemy?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
